
Yesterday, Colorado announced that it would implement regular risk-limiting audits (RLA) for its elections, starting this November. POLITICO has more:

Colorado on Monday said it will become the first state to regularly conduct a sophisticated post-election audit that cybersecurity experts have long called necessary for ensuring hackers aren’t meddling with vote tallies.

The procedure — known as a “risk-limiting” audit — allows officials to double-check a sample of paper ballots against digital tallies to determine whether results were tabulated correctly. The election security firm Free & Fair will design the auditing software for Colorado, and the state will make the technology available for other states to modify for their own use.

The audit will allow Colorado to say, “with a high level of statistical probability that has never existed before,” that official election results have not been manipulated, said Colorado Secretary of State Wayne Williams in a statement…

Colorado believes implementing the risk-limiting audit will make the state ready for any scenario.

“If a voting system has been maliciously altered in some way, [this audit] should give the public great assurance that we are going to know that, and we will adjust the result accordingly,” Dwight Shellman, county support manager in the Colorado elections office and the official helping to coordinate the new auditing process, told POLITICO in an interview.

While the move to RLA seems well-timed given recent headlines about election security, the decision has been in the works for quite some time – and experts say it will dramatically improve the state’s ability to identify problems:

Colorado enacted the audit requirement in 2009 but delayed its implementation to allow counties to test different methods. Beginning in November, according to a rule still being drafted, Williams’ office will select at least one statewide and one countywide race for each county to audit…

[C]omputer scientists said states could eliminate the need for such recounts in the future by implementing risk-limiting audits. Currently, only two states — Colorado and New Mexico — “conduct audits that are robust enough to detect cyberattacks,” said J. Alex Halderman, a computer science professor at the University of Michigan who led the push for recounts, testifying before Congress in June. But so far, the two states have conducted them only sporadically.

Halderman told POLITICO that Colorado’s new approach was “an excellent model for other states to follow.”

“Colorado’s use of paper ballots and risk-limit audits empowers the state to detect and correct any vote-changing cyberattacks, without relying on the Federal government or the intelligence community,” he said in an email.

Unlike other post-election audits, which rely upon a fixed percentage sample of ballots or precincts, RLA uses sophisticated sampling techniques to identify a much smaller number of ballots that can then be used to assess the risk that an election outcome might be in question and thus need further review:

Risk-limiting audits are less expensive than other types of audits because they sample fewer ballots. But because they use sophisticated statistical methods, the method actually produces more reliable results.

For example, a regular audit of the 2016 presidential election results in Colorado would have required counting more than 32,000 paper ballots out of 2.85 million votes statewide. That number will drop to 142 with the new risk-limiting audit software, according to Stephanie Singer, the project lead at Free & Fair.

In a risk-limiting audit, state officials select a sample of paper ballots — usually based on the margin of the outcome — and compare them using statistical methods to the electronically cataloged results of those ballots.

They also select a “risk limit,” which is the percentage chance that their audit will fail to catch incorrect results that could have been caused by tampering. For example, an audit with a risk limit of 5 percent will have a 95 percent chance of successfully catching incorrect vote tabulation.

Risk-limiting audits can be used to determine whether a more comprehensive recount is needed.

“This is just a commonsense quality control maneuver,” said Singer. “If you had any kind of machine that did a job and you were depending on its output, you would every so often run tests on the machine to make sure that it’s doing what it says it’s doing. It’s really, really just basic quality control.”
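How the margin and the risk limit drive the sample size, as an added illustration that is not from POLITICO, Colorado or Free & Fair: it uses the Kaplan-Markov ballot-comparison bound from the published RLA literature, with an assumed inflation factor `GAMMA` and constructed vote totals.

```python
import math

# Assumption: error-inflation factor often used in the RLA literature.
GAMMA = 1.03905


def diluted_margin(winner_votes, loser_votes, ballots_cast):
    """Winner's lead as a fraction of all ballots cast in the contest."""
    return (winner_votes - loser_votes) / ballots_cast


def initial_sample_size(margin, risk_limit, gamma=GAMMA):
    """Ballots to examine if every paper ballot matches its electronic record."""
    return math.ceil(math.log(risk_limit) / math.log(1 - margin / (2 * gamma)))


def run_audit(margin, risk_limit, overstatements, gamma=GAMMA):
    """Sequential ballot-comparison audit.

    overstatements[i] is how many votes the electronic record of the i-th
    sampled ballot overstated the winner's lead by (-2..2, 0 = match).
    Returns (ballots_examined, outcome_confirmed). An unconfirmed outcome
    means the sample must grow, up to a full hand count.
    """
    p = 1.0  # upper bound on the chance of this evidence if the outcome is wrong
    for n, e in enumerate(overstatements, start=1):
        p *= (1 - margin / (2 * gamma)) / (1 - e / (2 * gamma))
        if p <= risk_limit:
            return n, True
    return len(overstatements), False


if __name__ == "__main__":
    # Constructed contest: 1,050,000 vs 950,000 votes on 2,500,000 ballots.
    m = diluted_margin(1_050_000, 950_000, 2_500_000)
    print("clean sample needed:", initial_sample_size(m, 0.05))
    # One ballot whose record overstated the lead by one vote.
    print("with one overstatement:", run_audit(m, 0.05, [0] * 9 + [1] + [0] * 300))
    # Three two-vote overstatements early on: 100 more matches are not enough.
    print("with large errors:", run_audit(m, 0.05, [2] * 3 + [0] * 100))
```

The sample size depends on the diluted margin and the risk limit, not on the number of ballots cast, which is why a statewide contest can be checked with a few hundred ballots when the margin is comfortable.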

It’s worth noting that Colorado intends to share the auditing software with other states so that they, too, can use RLA:

Shellman said he hoped that other states would follow Colorado’s lead with auditing as they upgraded their voting equipment. Many cybersecurity experts have accused states of lacking the urgency to address what they feel are glaring security shortcomings in the electoral process.

“This is a marked improvement,” he said, “and I think other states will get there when they’re technologically able to be there.”

Colorado will publish its auditing software under a free license so other states can download and modify it for their own use.

This is a significant move by Colorado; still, I’ll be interested to see how the plan works in practice – from choosing contests to sampling to ballot review to decisions about further checks of individual races. If the process is as cost-effective and straightforward as everyone hopes, this could be a huge opportunity for states to dramatically improve their post-election audits.

Congratulations to Free & Fair and the Colorado elections office for partnering on this exciting new project – and for being willing to share the tools with the entire election community.

Stay tuned …